JED Reviews - We Need Your Suggestions

[darb]

"Realistically, the only thing JED offers over a Google search is a centralized location for reviews (when that subsystem works) and the false premise that the extension has passed some kind of Joomla assessment to be deemed worthy of listing."

But at least they are at one place at Joomla HQ, listed by categories and search options, audit by its community and structured to comparision.

That doesnt Google fix.

[deleted user]

"Realistically, the only thing JED offers over a Google search is a centralized location for reviews (when that subsystem works) and the false premise that the extension has passed some kind of Joomla assessment to be deemed worthy of listing."

But at least they are at one place at Joomla HQ, listed by categories and search options, audit by its community and structured to comparision.

That doesnt Google fix.

You might place value in that. The uninformed individual might place value in that. As someone who knows the inner workings of the project pretty darn well, that doesn't mean a thing to me. I expect entries in a centralized catalogue or store to have been reviewed, periodically reviewed, and received proper auditing and accreditation to be listed in that store. The JED does not have a similar workflow to WordPress' plugins or themes directories, Drupal's modules listings, or at a larger scale something like the Apple App Store or Google Play. Knowing the inner workings as I do, I place no additional faith or trust in an entry being listed on the Joomla Extensions Directory than I do anything that is not submitted, and if more people were informed on how things actually worked they too would not emphasize "oh you have to be JED listed or you're crap" belief that I feel like way too many try to put out there for others to follow.

[sozzled]

Always a good read and thanks, Michael.

[darb]

"The JED does not have a similar workflow to WordPress' plugins or themes directories.:"

Comparing Wordpress workflow as a rawmodel?

I have not used WP for the last 2 years, if it changed?, so I cant judge now how it works but WordPress plg directory sucks! WordPress eliminating almost all negative comments by purpose to not let people know how much problem these plgs or WordPress have in reality.

Thats my experience and thats why I dont want to have nothing to do with that CMS bcs its so biased controlled by these people. Even Joomla isnt perfect for everyone you can almost always discuss things open here and have your own free opinion.

[Webdongle]

As a user who frequently looks for extensions I do not need to know the inner workings of JED to know what gives me the best results quickly.
If I need to find anything in JED I search google
site:extensions.joomla.org search words
It gives far better results

[darb]

As a user who frequently looks for extensions I do not need to know the inner workings of JED to know what gives me the best results quickly.
If I need to find anything in JED I search google
site:extensions.joomla.org search words
It gives far better results

@Webdongle

How do you know the latest updates/history/update frequents etc of these extensions ( if you not every day have to go to each developers sites after a Google search or your bookmarks)?

Bcs I want and follow 50-60 different developers closely and want to know when they in timely order update their different extensions. Its easy with "Latest updated" and I don't want to go to 60 sites every day to know if they have updated their different Joomla extensions software or not. And I have not installed them all just a few.

But if I see that they are actively develop new updated versions that create trust over time that they are not a one day Joomla dreamer developer that is not there for the long run. So then I can choose the right extension bcs I know how they work.

That make me also follow/choose between different Joomla developers and see how create most trust that they progressing and listening to customers need and make new improved enhancement and understand the Joomla/Open Source business model.

[sozzled]

It has now been two months since this topic was created—since the time we were asked to participate in a user survey; a fact-finding exercise. I asked if the results of that survey could be published and whether the JED development team had taken our comments/suggestions on-board.

It was not a complicated survey. It asked a couple of questions. The JED team agrees that there's a problem with the review system; the survey asked if the redeveloped JED should even include a review system considering all the problems that the current JED has with it.

It would be nice to think that, when we participate in surveys, the result(s) of those surveys may become publicly known after allowing a short interval of time for analysis. Otherwise, it would seem that these surveys are a waste of our time. So, if asked to contribute to future surveys about how the JED might be rebuilt, I doubt that I will be participating in them.

[Webdongle]

To be fair there is no real room on there for comments/suggestions. The search is next to useless in JED but nothing in the survey asking about that.

[darb]

To be fair there is no real room on there for comments/suggestions. The search is next to useless in JED but nothing in the survey asking about that.

Agree.

And as discussed here pls take back the "Last updated" viewtopic.php?f=262&t=973799 that have been in Joomla for approx 10 years (Mosets I miss you..) but was taken away just a few weeks ago!

Make it work there again and then for the new JED whenever that comes in to place have a better solution for fake "new" updates.

Thats a better leadership.

[darb]

I think this analysis here is also a good input for the JED - see paragraph 5 .. https://thephpfactory.com/articles/1402 ... joomla-org

[sozzled]

Thanks, @darb. Good read!

[shumisha]

Hi all

Might be late to the party but I (weeblr: sh404SEF and wbAMP) have been hit recently by issues when users posted reviews at the JED. We worked out some on Github but after finally having that review posted successfully, it was flagged as SPAM.

Anibal directed me to this topic which I've been reading entirely and I'd like to suggest the following comments and then a suggestion:

1 - Having reviews is important, both for users and developers, commercial or not
2 - Having spam-free reviews is equally important. If not, probably better drop the reviews entirely
3 - No anti-spam system will work 100%, either because of false negatives or false positives
4 - False negatives (ie uncaught spammy reviews) can already be handled: we can report them to the team to be manually checked. False positives are the problem.
5 - The JED team cannot manually check ALL reviews before they're posted
6 - Checking users postal addresses, etc seems hard: even if a post code or an address exists, it does not mean the reviewer lives there! And checking the IP address against a postal address just does not cut it, there are too many real, valid exceptions.
7 - I don't see how a token would help either, having the proper token would be easily counterfeit. Lowering the spam-detection level because we think a token is preventing some spam would result in more spam, not less, I think.

I think the real problem is not so much that there are false positives. As no system is fool proof, errors are expected.
The real problem for me is that there is no "second chance" and a flagged review is gone for ever, without anybody knowing and having a chance to correct the false positives.

So may be a way to modify the JED workflow could be similar to:

1 - Incoming reviews are passed through the existing anti-spam system, or an improved one if one can be designed
2 - When a review is flagged as SPAM:

- the review is kept in the database and marked as SPAM
- spam reviews are listed on the JED record owner dashboard, on a new tab. Reason for spam flagging is displayed
- an email is fired off to the developer (the JED record owner)
- the JED record owner goes to the JED and can check the review. There are 2 buttons:
- It's SPAM: delete entirely
- It's not SPAM: submit to the JED team for manual check up. A comment field would be nice to have so that the developer can explain why the review is valid, provide reference (ie link to the site, link to support thread showing the user is a real user, ...)

3 - After a given period of time, maybe 2 weeks or a month, if the JED record owner has not checked the SPAM review, that review is deleted entirely.

Benefits are:

- we can have a strong anti-spam filter - because false positives have a chance to be manually recovered
- manual SPAM reviews recovery work is spread amongst all JED owners, not just the JED team. Each developer will have a small number of reviews to double-check. The JED team only has to manually check reviews the developer already checked and validated.
- the JED team has the final say about accepting a review - that cannot be done by the JED record owner

I think such a workflow, while it does require some work, could be implemented and has the significant advantage of spreading the workload over developers insted of relying on just the JED team.

What do you think?

[darb]

Good constructive input Shum! Thks.

[toivo]

Sounds good and hopefully these suggestions can be implemented.

I would like to continue submitting reviews but had to stop two years ago after several real, objective and definitely non-spam reviews were blocked by the automated system and the subsequent tickets hit a brick wall. I strongly believe that a healthy review system is vitally important to the Joomla supply chain.

[Webdongle]

The extension owner being notified a review (of their extension) had been moved to spam. Then being able to view that review ... would be good. They could then notify the JED team.

[mbennett417]

I think if you require two-factor authentication in order to login and use JED, and then force another 2FA entry to post a review, it will substantially cripple the spammers. Using either Google Authenticator or even text messaging should work.

I've also read the suggestion that JED developers should be able to preview and challenge reviews as spam, but not delete them. Maybe just having the ability to flag a post as "suspected spam" would be enough to remove the power of negative reviews in bulk.

It would do nothing to limit false positive reviews however, so a developer could pad the reviews with fakes and raise their rating.

However, the IP address screening system does not work and must end.

[shumisha]

Hi

@mbennett417:

> I've also read the suggestion that JED developers should be able to preview and challenge reviews as spam,

You might have read that elsewhere but that's not what I suggested. Current problem is:

1 - false negatives: reviews are SPAM but are accepted
2 - false positives: ie reviews that are valid but marked as SPAM

1 is not really an issue because a/ SPAM filtering is very strong, too strong very often and b/ extensions developer can already report SPAM reviews on their extensions. JED team accepts or not the report.

2 is the current problem: because of too stringent rules, some reviews are rejected while they should not. My proposal is to have those reviews screened by developers, only those reviews, and bring them to the attention of JED team: "hey, this is not really SPAM, accept it".

Sorry if you meant something else.

Rgds

[darb]

I think that JED should have obligatory semantic version number ie like x.y.z that is obligatory to fill in when list/update your extension.

For each extension you see the last updated version number and the date when it was updated. This is important information for trusted long term quality extension developers.

And that developers can not change previous versions number afterwards and not fill in the same versions number as the ones before. This will be obligatory conditions to have your extension listed on JED.

Right semantic versions number x.y.z with dates following JED policy to be listed.

This will correct better people shitting with "Recently update" waisting peoples time when its just false PR advertising

[shumisha]

Hi

I think that JED should have obligatory semantic version number ie like x.y.z that is obligatory to fill in when list/update your extension.

It's already so and has been like that for quite some times. Building a new zip with an updated version number takes a few seconds, that won't stop any one for "faking" an update.

Best regards

[toivo]

Building a new zip with an updated version number takes a few seconds, that won't stop any one for "faking" an update.

...but the challenge here is that many extensions never get updated when the developer releases new versions.

[shumisha]

...but the challenge here is that many extensions never get updated when the developer releases new versions.

That's another topic, it will hard to do anything about it, if the developer themselves don't come to the JED and update their listing.

[waarnemer]

Some raw thoughts based on above genuine ideas and comments...

On receiving valid reviews.
Have a JED rating component in the j! back end mandatory to file a review. Admins can only review from within the back end of their site.
Sometimes an extension breaks a site. It needs to be uninstalled immediately. In order to still be able to review, have a list of used third party extensions used. From that it will automatically create "proof" it exists/existed and has been installed (before).
(Allow admins to purge that list, once purged, no reviews can be made.)
(Include a "showcase" check box for those that want to show off their site )
Have plugin like System Joomla Statistics enabled and used at least once before to check against the ID.
ID should be accompanied by a registered reviewer. When you register as user, you receive an api key to use in the plugin. Review is checked against extension with version number, site ID and reviewer api key.
When as a reviewer already commented once there is no extra review, the JED will then show as how many times reviewer installed it. Adding extra info to the review. (and if show case checked, shows the site where it is used, should be unique)

In short it means a reviewer should really have installed it before any review could have been made. It also proves the reviewer actually has experience with the extension and how many times.


On Developer proof.
One of the comments above was on version number fraud by developers... when a new version is being made, take some into account.. a version number is like x.y.z. as mentioned, the numbers should be mandatory. On version numbers actions can be taken.

x being the major release (change, purge reviews as the previous has ended, reviews are no longer valid)
y being minor release (not changed within a year, lock reviewing)
z being a bugfix/security release (allow reviews to be kept)

Purge anything that is no longer compatible with active supported Joomla! versions. (already been done I believe)

On each change, developer is to publish a release note / change log.
That is something that can be enforced on the JED. Something that actually proves a change has been made.

[sozzled]

I've given up on this discussion. It doesn't really seem to matter how one looks at the topic, no-one's actually listening or taking our opinions seriously.

I have looked at this topic from three different perspectives.

1) How might we address the legitimacy of the review system? Lots of good suggestions but lots of show-stoppers that prevent any of them being implemented.

2) Why we would even bother addressing the legitimacy question given the obvious rampant abuses?

3) Did the "survey" actually achieve anything (apart more than a waste of time filling in the form) when it is clear from the JED team minutes that they're pressing ahead with a new system that retains the current review feature?

We've been waiting for five months now, since the survey was announced, to see the findings of that survey revealed. As I said at the beginning, I've given up expecting that our observations, comments, feedback and opinions will change anything. If the JED team needs our suggestions then it might be a good idea if they acknowledge them.

Unhappy.

[waarnemer]

realy, don't dispare......five months...is just nothing...
I work in big corporate world... 5 months.... is what it takes to even get to the answer of the question... will we ask another question?... yes or no? ... or?

It usually takes longer.... and indeed... sometimes it leads to nothing.. sometimes there is success... usually there is the grey in between.....

and truly... if huge big digital monsters like AriBnB, Booking.com, Google..backed by millions of dollars... cannot get things right on reviews... you cannot expect a 100% guaranteed success from a community driven JED.

I am happy there is a JED and I do not read reviews I test extensions... do what I like.. keep them.. else delete them... I hardly ever review... did it twice in my 10+ years on Joomla!
Though I can imagine some people do check...

[sozzled]

Keep trying, @waarnemer. I wish you luck.

As I've written, I have completely given up on this discussion. If you think you can do better with it then I sincerely wish you all the success in the world

There were six questions asked in the survey:

1) Have you used the JED system in the last twelve months? (Yes/No)
2) Have you ever submitted a review to the JED? (Yes/No)
3) Do you have any extensions listed in the JED (Yes/No)
4) Do you find reviews useful? (on a scale of 1-5, 5 being "very useful")
5) Do you think there should be reviews of extensions (Yes/No)
6) How could the reviews system be improved (free text response)

I don't think that the analysis of the first five questions would have been exceedingly challenging. In particular, it would be worth knowing what the raw answer to Q5 was. However, given the reluctance of the JED team to release any information about the survey, I don't think it matters what opinion(s) we have today. It looks to me that it's a done deal: reviews will remain (in spite of the survey results) and that's that.

There is another implied question from the survey: how many responses were received? If we knew the answer to that question then this may explain why the JED team is ignoring the survey. If, for example, only two or three replies were received then this probably invalidates the survey and the JED team just has to take a calculated gamble that their plans will achieve a satisfactory resolution of the issues we've discussed. I don't know ... and no-one is giving us the information we are seeking.

[waarnemer]

@sozzled, it has nothing to do with "trying" or having "luck" it all has to do with the fact we need to accept some things that don't really come or move our way or the way we want in a volunteer community based organisation... Since we don't pay for any, we don't control anyone's agenda.
Imho we are not to complain at the pace things are proceeding.

You say it is easy to publish the results of a survey... it isn't realy let's show some possible OPEN text answers to all questions:

1) I am a beginner... I still need to start using the JED
2) As I said; I am a beginner... I still need to start using the JED
3) What?
4) Since I am a beginner, yes I would surely like to see reviews...but...
5) Yes please as I am a beginner I sure need someone else's opinion on things
6) So... someone that can tell me how to rank nr 1. in Google?

So since 1 to 5 do not qualify for easy analysis... I'd say: stick to the question we mostly discuss here.
Question point 6... improvements.

And be patient... even if nothing changes in coming year... we seemed to have managed the last 14 years... we will manage the coming 14....

[darb]

Anyhow the JED is a very important crucial feature solution for Joomla community and without it Joomla would be dead and buried long time ago. With the new cloud solutions for publishing content this is a key factor for Joomla survivor. Hope to see templates there sooner than later bcs people and average Joe want to see how things looks and thats I guess WP have success of their templates first selling strategy where you get the extension for free but pay for good design template with the extension.

[deleted user]

On receiving valid reviews.
Have a JED rating component in the j! back end mandatory to file a review. Admins can only review from within the back end of their site.
Sometimes an extension breaks a site. It needs to be uninstalled immediately. In order to still be able to review, have a list of used third party extensions used. From that it will automatically create "proof" it exists/existed and has been installed (before).

Any system which requires joomla.org to be able to communicate with a website is a non-solution. It should NEVER be mandatory for someone to allow the joomla.org servers to extract information out of their website, no matter the reason. Contrary to what some people might think, Joomla is not always used in a location where anyone who knows how to open a web browser can find it (think intranets and otherwise firewalled locations that aren't exposed to the entire internet).

On Developer proof.
One of the comments above was on version number fraud by developers... when a new version is being made, take some into account.. a version number is like x.y.z. as mentioned, the numbers should be mandatory. On version numbers actions can be taken.

x being the major release (change, purge reviews as the previous has ended, reviews are no longer valid)
y being minor release (not changed within a year, lock reviewing)
z being a bugfix/security release (allow reviews to be kept)

Locking reviews because someone hasn't issued a feature release in a year is not a solution. Extensions which may be abandonware should still be reviewable, and may very well actually still function on the current Joomla release even if they haven't been updated in a year or more (I know one of my extensions which hasn't been updated in something like 3 years still works just fine). Reviews also do not immediately become invalid because someone changed a version number. I had an extension release which removed support for Google+, which by semantic versioning would be a breaking change and call for a major version bump; by your argument every review about every aspect of that extension becomes invalid because of that bump.

On each change, developer is to publish a release note / change log.
That is something that can be enforced on the JED. Something that actually proves a change has been made.

This does not actually prove anything. I can make releases once a day because I changed the formatting of my PHP files. It was an actual change committed into the version control repository. What changed for the end user? Not a damn thing. An artificial "you have to prove that changing the version number changed something substantial" requirement is just a waste of time and resources.

[waarnemer]

@mbabker.... as I said... raw thoughts..

Any system which requires joomla.org to be able to communicate with a website is a non-solution....... intranets....

Joomla.org isn't communicating with the site, the site is communicating with extensions.joomla.org (so other direction. Just like update/upgrade joomla/extensions and the plugin joomla statistics).
And maybe indeed a method like copy pasting a key should be introduced in the raw thought for those in a intranet... and indeed come to think of that, for those testing it on dev setups...

It should NEVER be mandatory for someone to allow the joomla.org servers to extract information out of their website...

As it isn't mandatory to review, nor is it an absolute right to review... there is a choice. Also there is no extract needed other than proof you actually are you say you are and you actually have installed and at least tried the extension.... I think that is to be mandatory to be able to review... but raw thoughts check the above....

(I know one of my extensions which hasn't been updated in something like 3 years still works just fine).

Then it still is at same major version.. only old and not maintained.... You can say it is still working but imho on extensions like, developer should at least test and publish it is working. You say it is working for you. But is it really for the world? ie. 3 years ago.. that was J!3.6 or 7? changes have been made since... 3 years ago PHP7.1 was introduced.. now we are going to PHP7.4... is it still working? If you did test against 7.2, 7.3, 7.4.....that could be in a release note.
But maybe indeed, additions to notes only can be made a proof of maintaining an extension... maintaining is not just adding code.. it is also checking if it still lives up to the expectation and new environments... but some proof of maintenance should be there.... indeed maybe not on(ly) the number.. it needs some new raw thoughts...

I had an extension release which removed support for Google+.....which by semantic versioning would be a breaking change and call for a major version bump

Well yes, since that may have been a part of your extension that important it would maybe be reviewed on... yes....ie. a reviewer could have written: awesome extension.. I cannot do without because of the Google+ support..... that review would become useless but still add to the count...

I can make releases once a day because I changed the formatting of my PHP files.....

1. And have a typo in the code.... breaking my site... in release notes you can always say you changed formatting of the PHP and I think developers should...
2. just changing because you can? yes you can but wouldn't that be YOUR waste of time?



Still, it is raw thoughts nothing resolute or absolute.... and maybe some mode for keeping reviews of previous versions of the extension should be kept in some way... but currently the JED allows for fake and too old reviews and that is potentially damaging to the whole of Joomla.

Then again... I hardly ever read them... I just test myself...

[deleted user]

(I know one of my extensions which hasn't been updated in something like 3 years still works just fine).

Then it still is at same major version.. only old and not maintained.... You can say it is still working but imho on extensions like, developer should at least test and publish it is working. You say it is working for you. But is it really for the world? ie. 3 years ago.. that was J!3.6 or 7? changes have been made since... 3 years ago PHP7.1 was introduced.. now we are going to PHP7.4... is it still working? If you did test against 7.2, 7.3, 7.4.....that could be in a release note.
But maybe indeed, additions to notes only can be made a proof of maintaining an extension... maintaining is not just adding code.. it is also checking if it still lives up to the expectation and new environments... but some proof of maintenance should be there.... indeed maybe not on(ly) the number.. it needs some new raw thoughts...

The ONLY time it should be mandatory to update an extension for a new platform version is with major versions which introduce backward compatibility breaks. I haven't touched an extension since Joomla 3.6 and PHP 7.1 were the current releases. That extension will work on Joomla 3.9 and PHP 7.4. Because that extension's code structure follows best practices and did not make use of deprecated functionality (in Joomla or PHP), even as new deprecations have been introduced. Now, there's no guarantee that extension will work on PHP 8, but based on a cursory review of the last code I committed it will work with Joomla 4 in the CMS' present state without issue (it'll just have non-optimal frontend layouts because those were designed against Protostar and Bootstrap 2).

An extension update that makes no changes except to add "supports Joomla/PHP x" is a waste of people's time, and if those types of changes are really needed then frankly that is a red flag regarding the quality of those extensions or a red flag regarding the quality control around the Joomla and/or PHP releases.

I had an extension release which removed support for Google+.....which by semantic versioning would be a breaking change and call for a major version bump

Well yes, since that may have been a part of your extension that important it would maybe be reviewed on... yes....ie. a reviewer could have written: awesome extension.. I cannot do without because of the Google+ support..... that review would become useless but still add to the count...

My point here wasn't that the major version bump was required. My point was that a version bump should not invalidate/hide/remove/whatever-you-want-to-call-it any past reviews. Reviews show a progression of the extension and a review is a snapshot of the reviewer's feelings about it at the time it was written. By your logic, a review becomes invalid as soon as a new version comes out, regardless of the Semantic Versioning definition of that release. Maybe the new version fixed a bug that caused the review to receive a lower score, or added a feature that the reviewer felt was lacking; there is no way a review on an older version is going to 100% reflect what a review on a newer release would look like. What the JED attempts (attempted? I don't know if they still do this, and frankly don't care) to do with weighted reviews (where newer reviews hold a greater weight in the overall score calculations while older reviews have a depreciated weighting) is a proper way to balance things, so long as that weighting is well documented.